[Tickets #14857] Re: Multiple XSS security vulnerabilities

noreply at bugs.horde.org noreply at bugs.horde.org
Wed Sep 26 17:44:21 UTC 2018



Ticket URL: https://bugs.horde.org/ticket/14857
------------------------------------------------------------------------------
  Ticket             | 14857
  Updated By         | Michael Rubinsky <mrubinsk at horde.org>
  Summary            | Multiple XSS security vulnerabilities
  Queue              | Horde Groupware
  Version            | 5.2.22
  Type               | Bug
-State              | Resolved
+State              | Assigned
  Priority           | 3. High
  Milestone          |
  Patch              |
  Owners             | Michael Rubinsky
------------------------------------------------------------------------------


Michael Rubinsky <mrubinsk at horde.org> (2018-09-26 17:44) wrote:

>> These are all fixed, and released in
>>
>> horde/base
>> horde/Core
>> horde/Kronolith
>>
>> A release of the groupware bundles will be forthcoming.
>
> Thank you very much for fixing these issues. Would it be possible to  
> document which commit fixed a specific CVE? That would allow me and  
> others to easily reference the patches.

Ah, right:

CVE-2017-16906:   
https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d
CVE-2017-16907:  
https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230  
and
https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230
CVE-2017-16908:  
https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716

...and now as I'm doing this, I see that the last CVE referenced in  
your original report wasn't talked about on that blog page, so I  
missed it. Let me review that one to see if it's still pertinent or  
not....





